
Cannot ping internet from switch VLANs

tyler.perkey
Level 1

I have a pretty basic network setup in one office: we have an ASA at the edge with a 3650G switch acting as the core. The ASA and switch have VLAN 100 between them acting as a transit network of 10.1.100.x/24, and the switch has a handful of VLANs. From devices connected to the switch I can ping out to the internet; from the switch itself (and other switches on the network) I cannot source ping and get successful replies on any VLAN other than VLAN 100. The switch and ASA are running OSPF, both in area 0. I can successfully ping the inside of the ASA from every other VLAN, but trying to ping 8.8.8.8 from any other switch I don't get replies.

Accepted Solutions

I believe I have solved the problem. The ASA was limited to 10 inside users, so I think we were hitting that device limit... that's why everything had valid IPs, routes were valid and nothing seemed to work. I replaced it with an ASA that had unlimited users and so far the problem is resolved.


5 Replies

Seb Rupik
VIP Alumni

Hi there,

Can you confirm the routing table on the ASA:

 

sh route

 

...can you also confirm that the object-group used for NAT on the ASA includes all of the other (non-VLAN100) subnets?

 

cheers,

Seb.

The route table has all routes for subnets we currently have active.  The object nat is on a group that is 10.1.0.0 255.255.0.0, that covers all our inside networks.  

I'm guessing 10.1.101.128 exists in your network... On the ASA, what is the output of:

 

packet-tracer input inside tcp 10.1.101.128 50000 8.8.8.8 http det

Hello Tyler,

What about the upstream path, the routing table on internal switches?

If they are L3, are they speaking OSPF with the core switch?

Is there a default route in OSPF generated by the ASA or the core switch?

Check with

show ip ospf database external 0.0.0.0

If the internal switches are L3 but they do not speak OSPF, have you configured a static default route pointing to the core switch IP address in an internal Vlan (the management vlan is a good candidate)?

If the internal switches are L2 only with ip routing disabled, have you configured ip default-gateway <core-switch-IP-address-mgmt-vlan>?

 

Hope to help

Giuseppe

 
